Your wp-config.php file isnโt just for database credentials โ itโs a master control panel for WordPress. With a few simple commands you can improve security, performance, and flexibility. Below are real examples plus short notes on what each rule does.
1. Database Settings
define( 'DB_NAME', 'my_wp_database' ); // Name of your WordPress database
define( 'DB_USER', 'my_db_user' ); // Database username
define( 'DB_PASSWORD', 'superSecret' );// Database password
define( 'DB_HOST', 'localhost' ); // Database host/server
$table_prefix = 'wp_'; // Table prefix (change for security)
๐ What it does: Connects your WordPress site to the correct database and sets the table prefix.
2. Authentication Keys & Salts
define( 'AUTH_KEY', 'generated-key' ); // Secret key for authentication
define( 'SECURE_AUTH_KEY', 'generated-key' ); // Secure auth cookie key
define( 'LOGGED_IN_KEY', 'generated-key' ); // Logged-in cookie key
define( 'NONCE_KEY', 'generated-key' ); // Nonce (one-time token) key
define( 'AUTH_SALT', 'generated-key' ); // Salts add extra security
// โฆ repeat for SECURE_AUTH_SALT, LOGGED_IN_SALT, NONCE_SALT
๐ What it does: Protects cookies and sessions from hacking attempts. Generate fresh keys at https://api.wordpress.org/secret-key/1.1/salt/.
3. Debugging & Logging
define( 'WP_DEBUG', true ); // Turns on WordPress debug mode
define( 'WP_DEBUG_LOG', true ); // Logs errors to wp-content/debug.log
define( 'WP_DEBUG_DISPLAY', false ); // Hides errors from public display
๐ What it does: Helps find and log errors safely without showing them to visitors.
4. Performance Tweaks
define( 'WP_MEMORY_LIMIT', '256M' ); // Increase PHP memory limit
define( 'AUTOSAVE_INTERVAL', 300 ); // Autosave every 5 minutes
define( 'WP_POST_REVISIONS', 5 ); // Keep only 5 revisions per post
define( 'EMPTY_TRASH_DAYS', 7 ); // Empty trash every 7 days
๐ What it does: Reduces clutter and improves site performance.
5. Security Hardening
define( 'DISALLOW_FILE_EDIT', true ); // Disable file editing in dashboard
define( 'DISALLOW_UNFILTERED_HTML', true );// Prevent unfiltered HTML uploads
define( 'FORCE_SSL_ADMIN', true ); // Force HTTPS in wp-admin
๐ What it does: Blocks attackers from editing files, enforces HTTPS, and stops risky HTML uploads.
6. Cron & Update Control
define( 'DISABLE_WP_CRON', true ); // Disable WPโs built-in cron
define( 'WP_CRON_LOCK_TIMEOUT', 120 ); // Limit cron lock time
define( 'WP_AUTO_UPDATE_CORE', 'minor' ); // Allow only minor core updates
๐ What it does: Moves scheduled tasks to a real server cron job and controls automatic updates.
7. File System & Upload Paths
define( 'FS_METHOD', 'direct' ); // Direct file writes
define( 'UPLOADS', 'custom_uploads' ); // Custom uploads folder
define( 'WP_TEMP_DIR', dirname(__FILE__).'/tmp/' ); // Custom temp folder
๐ What it does: Moves upload/temp folders for better organization and gives control over file system methods.
8. Multisite & Domain Mapping
define( 'WP_ALLOW_MULTISITE', true ); // Enable multisite installation
define( 'NOBLOGREDIRECT', 'https://example.com' ); // Redirect to main domain if no blog
๐ What it does: Lets you run multiple WordPress sites in one install and set default redirects.
9. Image & Script Tweaks
define( 'JPEG_QUALITY', 80 ); // Set default JPEG quality
define( 'CONCATENATE_SCRIPTS', false ); // Donโt combine JS files (debugging)
๐ What it does: Reduces image size globally and makes debugging scripts easier.
10. Custom Constants
define( 'MY_PLUGIN_ENV', 'development' ); // Custom constant for your plugin/theme
๐ What it does: Lets your theme or plugins check the environment before running special code.
11. Fix or Move Your Site URL
define( 'WP_HOME', 'https://example.com' ); // Home URL of your site
define( 'WP_SITEURL', 'https://example.com' ); // WordPress core files URL
๐ What it does:
WP_HOMEย sets the main โfront-endโ URL visitors use to reach your site.WP_SITEURLย tells WordPress where its core files live.
Together, these constants are very useful when youโreย moving WordPress to a new domain, switching from HTTP to HTTPS, or fixing broken URLs after migration.